The Web Presence Demand

The Web Still Grows

INTERNET USERS

2006 1.2B Internet Users

- 18% of 6.5B people

2011 2.4B Internet Users

- 35% of 7B people

Smartphone Subscribers

5.6B

Mobile Phone Subscribers

[Figure: The Appetite for Tablet. Series: iPad, iPhone, iPod. X-axis: quarters after launch.]

The Need for Effective Web Application Security

75% of ALL threats target the Web Application layer

Gartner

93% of organizations hacked in the past two years were breached via insecure web applications

Ponemon Institute

38% of companies spend more on coffee than on web application security.

Ponemon Institute



Cloud Computing Risks

Source:

"cloud computing makes available a well-managed, reliable, scalable global infrastructure that is, unfortunately, almost as well suited to illicit computing needs as it is to legitimate business."

Web Application Firewalls

PORT 23 Close
PORT 80 Open

Protection of web applications

Web Server

Protects against web attacks

Prevents leakage of personal, confidential, and/or proprietary information

Enables regulatory compliance

Network Firewall, IDS/IPS, or WAF

WAFs protect the OSI 7 (Application) Layer

OSI 7 Layers

7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical

Protection Device

Web Application Firewall

• Based on White-list Signature
• Detects highly sophisticated attacks and encoded traffic
• Detects unknown attacks
• Analyzes not only protocol, but also context

Intrusion Detection / Prevention System

• Based on Black-list Signature
• Detects by comparing the pattern of the attack signature with network traffic
• Cannot detect unknown attacks

Network Firewall

• Allows/blocks the specific port of the specific IP bandwidth
• Does not have attack detection ability

WAPPLES Introduction & the Future

OWASP

Open Web Application Security Project

OWASP Top 10 (2010)

A1: SQL Injection
A2: Cross Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Failure to Restrict URL Access
A8: Insecure Cryptographic Storage
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

WAF is the only solution to protect against OWASP Top 10 Threats

WAF delivers compliance

Payment Card Industry Data Security Standard

COMPLIANT

Attorney General for Australia, May 2 2012

"Australia's privacy laws will be reformed to better protect people's personal information, simplify credit reporting arrangements and give new enforcement powers ... The changes will be introduced into the Parliament in the winter sitting period."

Web Application Firewall

White List Access Control

Black

Analysts Agree

"There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time. The threat is real."

"You are compromised; you just don't know it!"

Gartner Inc 2012

Introducing WAPPLES 1

The Intelligent Web Application Firewall
3rd Generation WAF

Introducing Innovation from Korea

South Korea 48M people : 85% homes K bb : 91% people mbb

$220B revenues
29.1% smartphone market
24.2% Apple IDC 2012

Korea's Most Innovative Security Vendor

No. 1 Web Application Firewall Vendor in Korea (WAPPLES)
No. 1 Database Encryption Solution Vendor in Korea (D'Amo)

WAPPLES

D'Amo

The only solution that delivers

• Agility To Your Web presence: Change website anytime when you need to
• Protects your business: No brand damage or legal liability
• Protects your customers: Prevents private and credit card data leakage
• Secured Web presence: Protects against all threats known and unknown
• Resources: No administration or 3rd party testers

WAPPLES: The Intelligent WAF

INTELLIGENT ENGINE AND RULE SET

Comprehensive Management

Stories

THE BANK OF KOREA

Problems Facing the Bank of Korea:

• Maintain Highest Levels of Security and Availability
• Concerned with SQL injection risks - known and unknown
• Website defacement - Warfare Target
• Existing pattern matching IPS/IDS was ineffective & labor intensive

"Our existing solution required so much work due to pattern management. WAPPLES has substantially reduced my workload while simultaneously increasing web application security"

BuKang Kim, IT Security, The Bank of Korea






Stories

ING LIFE INSURANCE

Problems Solved

• Needed a secure, reliable, easy-to-use, and cost-efficient system to protect their web applications and web servers against known and newly evolving cyber attacks.
• Concerned specifically with preventing the leakage of private information, including credit card numbers and social security numbers.
• Support for multiple security policies.
• Protection of private information of clients and partners
• Proactive detection and blocking of known and unknown attacks.

WHY WAPPLES

• High success rate for identifying and blocking known, modified, and previously unknown attacks
• Low rate of false positives, and low administrative overhead
• Ease of management and the ability to create an unlimited number of security policies

Success Stories

Korean telecommunications giant KT

• Web security is number one priority for KT business customers
• WAPPLES Virtualised Solution launched by KT as add-on service for cloud customers
• Delivers reliable, affordable, easy-to-use, cloud-based web application security

[Diagram labels: Virtual Router; Traffic Flow; WAF Group (WAPPLES V-Series, WAPPLES V-Series); Web Server Group (Web Server #1, Web Server #2); Local node; Remote node]